MongoDB HTTP Status

Critical Risk

TCP — Database

Port Overview

Port Number 28017

Service Name MongoDB HTTP Status

Transport Protocol TCP

Category Database

Security Risk Critical

Port Range Registered (1024-49151)

What is Port 28017?

Previously used by MongoDB for its built-in HTTP status interface and REST API, deprecated in MongoDB 3.2 and removed in 3.6. Historically exposed database statistics and admin information over HTTP without authentication. Should be blocked on any legacy MongoDB deployments.

TCP Database

Security Considerations

Port 28017 (MongoDB HTTP Status) is classified as critical risk. This port should not be exposed to the public internet. The service transmits data without encryption, making it vulnerable to eavesdropping, credential theft, and man-in-the-middle attacks.

Recommendation: Block this port at the firewall. Use encrypted alternatives (SSH, SFTP, HTTPS) instead.

Related Ports — Database

66 Oracle SQL*NET 118 SQL Services 156 SQL Service 210 ANSI Z39.50 635 RLZ DBase 800 mdbs_daemon 999 Applix 1433 MS SQL